package com.appleyk.mall.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * <p>越努力，越幸运</p>
 *
 * @author appleyk
 * @version V.0.1.1
 * @blob https://blog.csdn.net/appleyk
 * @date created on  8:27 下午 2021/1/4
 */
@RestController
@CrossOrigin
@RequestMapping(value = "r",produces = {"text/plain;charset=utf-8"})
public class ResourceController {

    // 访问资源r1
    @GetMapping("/r1")
    // 只有有p1和p3中的任意一个权限既可以访问该资源
    //@PreAuthorize("hasAnyAuthority('p1','p3')")
    @PreAuthorize("hasAuthority('p2')")
    public String getResource3(){return  "访问资源1";}

}
